Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5687
Views
0
Helpful
1
Replies

Cisco AnyConnect Secure Mobility Client 3.0 Start Before Logon PLAP

webabc123
Level 1
Level 1

‎06-20-2012 08:32 AM - edited ‎02-21-2020 06:08 PM

This documentation says enabling this "FORCES" this logon method.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac03vpn.html#wp1134595

If it is forced, that means the user can only access VPN from a domain-joined computer and cannot connect to VPN from another PC for the pupose of connecting to remote desktop or non-public OWA webmail etc..

That will not be acceptable.  Is there a way to make Start Before Logon and option so users don't have to use it, but is available as an option when needed?  Some users only need this in case their domain account password expires or is reset wheile they are on the road and would not want to use this method every day or else need to use a personal computer not joined to the domain to access VPN.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Juan Rojas
Level 1
Level 1

‎09-16-2014 04:42 PM

I know this is an old threat but just in case. You can have vpn gina module (SBL) installed and not use it. The only option that will force you to connect and you cannot control is Always-On. But SBL is optional. 

 

JP

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents